*** A cyber-hygiene "credit score" is in the works for federal agencies -- but don't expect to see a public report card anytime soon.
Continuous Diagnostics and Mitigation Program Manager Kevin Cox said at FCW's Nov. 28 CDM event that the Agency-Wide Adaptive Risk Enumeration (AWARE) Algorithm is already ingesting data, and the plan is to put it "fully into production heading into FY2020."
The relatively slow rollout is to ensure the data being crunched by the algorithm is accurate, Cox told reporters after his speech, and that agencies are confident the resulting scores "reflect the reality of their systems."
For now, AWARE simply shows how an agency compares to the cross-agency average. "But at the end of the day," Cox said, "we don't want to grade on a curve."
"I don't know that we're going to get to an A-B-C-D-F framework," he said, "but we want to at least get to a set of ranges where agencies know that they should aim for this range for their score."
Even when AWARE moves into production, the risk scores still may not be public, Cox said, as they could effectively steer adversaries to the most vulnerable agencies.
The peer pressure that comes with scorecards can be valuable, he noted, and "we want to be as transparent as possible, but we don't want to put the agencies at risk. So we have to find that balance."
Cox also said that every CFO Act agency is now rolling up data to the federal dashboard, and that 16 non-CFO agencies are doing so through the CDM program's shared services platform.
*** Cyber Command's warfighting platform has cloud troubles.
The command said it won't be able to deploy its big data platform capabilities without added engineering expertise, analytical development and software license renewals, according to a Nov. 26 FBO posting. The Big Data Platform is part of the newly awarded warfighting platform, Unified Platform, and the technology license for the component responsible for configuring and operating it, the Rapid Analytic Deployment Management Framework, is set to lapse. Enlighten IT Consulting currently holds the license, and unless its renewed, Cyber Command won't be able "to transition the BDP from the Amazon Web Services (AWS) GovCloud environment to a USCYBERCOM AWS GovCloud environment," according to the notice.
*** The Department of Health and Human Services released draft guidance for how healthcare providers can more easily implement electronic health records and other health IT.
"Strategy on Reducing Regulatory and Administrative Burden Relating to the Use of Health IT and EHRs," attempts to make the process more simple by making it easier for doctors to input information into EHRs during patient visits, reduce the regulatory reporting requirements for healthcare providers and by improving "the functionality and intuitiveness (ease of use) of EHRs."
This draft outlines more than 40 different recommendations. These recommendations include the development best practices for clinical documentation in EHRs, improving how data is presented in EHRs, creating design standards, increasing training and exploring new approaches through pilot programs. The draft is open for public comment until Jan. 28, 2019.
Posted on Nov 29, 2018 at 1:06 AM